@partium/js-sdk 15.14.0 → 15.15.0

package/core/integration-defaults/session/js-oauth-web-cookie-session.service.d.ts

@@ -163,6 +163,18 @@ export declare class JSOauthWebCookieSessionService extends OauthSessionService
      * Create a fallback OAuth error when an upstream failure does not already use SdkError.
      */
     private createSdkError;
+    private hasSessionToRevoke;
+    private createPkceCodeVerifier;
+    private createPkceCodeChallenge;
+    private getBrowserCrypto;
+    private storePkceCodeVerifier;
+    private getPkceCodeVerifier;
+    private clearPkceCodeVerifier;
+    private markActiveCookieSession;
+    private hasActiveCookieSession;
+    private clearActiveCookieSession;
+    private getBrowserSessionStorage;
+    private base64UrlEncode;
     private getNumericClaim;
     private getStringArrayClaim;
     private asRefreshValidationErrorDetail;

package/core/integration-defaults/session/js-oauth-web-cookie-session.service.js

@@ -1,2 +1,2 @@
 // Copyright © 2022-2026 Partium, Inc. DBA Partium
-"use strict";var __extends=this&&this.__extends||function(){var r=function(e,t){return r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(r,e){r.__proto__=e}||function(r,e){for(var t in e)Object.prototype.hasOwnProperty.call(e,t)&&(r[t]=e[t])},r(e,t)};return function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function o(){this.constructor=e}r(e,t),e.prototype=null===t?Object.create(t):(o.prototype=t.prototype,new o)}}(),__awaiter=this&&this.__awaiter||function(r,e,t,o){return new(t||(t=Promise))((function(n,i){function s(r){try{u(o.next(r))}catch(r){i(r)}}function a(r){try{u(o.throw(r))}catch(r){i(r)}}function u(r){var e;r.done?n(r.value):(e=r.value,e instanceof t?e:new t((function(r){r(e)}))).then(s,a)}u((o=o.apply(r,e||[])).next())}))},__generator=this&&this.__generator||function(r,e){var t,o,n,i,s={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function a(a){return function(u){return function(a){if(t)throw new TypeError("Generator is already executing.");for(;i&&(i=0,a[0]&&(s=0)),s;)try{if(t=1,o&&(n=2&a[0]?o.return:a[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,a[1])).done)return n;switch(o=0,n&&(a=[2&a[0],n.value]),a[0]){case 0:case 1:n=a;break;case 4:return s.label++,{value:a[1],done:!1};case 5:s.label++,o=a[1],a=[0];continue;case 7:a=s.ops.pop(),s.trys.pop();continue;default:if(!(n=s.trys,(n=n.length>0&&n[n.length-1])||6!==a[0]&&2!==a[0])){s=0;continue}if(3===a[0]&&(!n||a[1]>n[0]&&a[1]<n[3])){s.label=a[1];break}if(6===a[0]&&s.label<n[1]){s.label=n[1],n=a;break}if(n&&s.label<n[2]){s.label=n[2],s.ops.push(a);break}n[2]&&s.ops.pop(),s.trys.pop();continue}a=e.call(r,s)}catch(r){a=[6,r],o=0}finally{t=n=0}if(5&a[0])throw a[1];return{value:a[0]?a[1]:void 0,done:!0}}([a,u])}}};Object.defineProperty(exports,"__esModule",{value:!0}),exports.JSOauthWebCookieSessionService=exports.JSOauthWebCookieLoginConfig=exports.JSOauthWebCookieAuthenticationConfig=exports.JSOauthWebCookieStatus=void 0;var rxjs_1=require("rxjs"),operators_1=require("rxjs/operators"),auth_config_1=require("../../models/auth-config"),error_1=require("../../models/error"),user_token_1=require("../../models/user-token"),user_1=require("../../models/user"),https_client_service_interface_1=require("../../services/http/https-client/https-client.service.interface"),oauth_session_service_1=require("../../services/session/oauth-session.service"),COOKIE_REQUEST_OPTIONS={withCredentials:!0},MISSING_REFRESH_TOKEN_ERROR_MESSAGE="Refresh token not provided in cookie or request body.",JSOauthWebCookieStatus=function(r){function e(){return null!==r&&r.apply(this,arguments)||this}return __extends(e,r),e}(oauth_session_service_1.OauthStatus);exports.JSOauthWebCookieStatus=JSOauthWebCookieStatus;var JSOauthWebCookieAuthenticationConfig=function(r){function e(e){var t=r.call(this,e)||this;return t.partiumApiBaseUrl="https://api.partium.io",t.oauthSessionService=JSOauthWebCookieSessionService,Object.assign(t,e),t}return __extends(e,r),e}(auth_config_1.OauthAuthenticationConfig);exports.JSOauthWebCookieAuthenticationConfig=JSOauthWebCookieAuthenticationConfig;var JSOauthWebCookieLoginConfig=function(r){function e(e){var t=r.call(this)||this;return Object.assign(t,e),t}return __extends(e,r),e}(oauth_session_service_1.OauthLoginConfig);exports.JSOauthWebCookieLoginConfig=JSOauthWebCookieLoginConfig;var JSOauthWebCookieSessionService=function(r){function e(e){var t=r.call(this,e)||this;return t.status={accessToken:void 0,accessTokenExpiration:void 0,accessTokenCreateDate:void 0,authenticated:!1,refreshToken:void 0,user:void 0,featureFlags:void 0},t.status$=new rxjs_1.BehaviorSubject(t.status),t}return __extends(e,r),e.prototype.onCreate=function(){r.prototype.onCreate.call(this),this.httpsClientService=this.serviceProvider.getService(https_client_service_interface_1.HttpsClientService)},e.prototype.getStatus=function(){return this.status$.asObservable()},e.prototype.login=function(r){var e=this,t=r,o=this.authenticationConfig,n=t.apiKey||o.apiKey,i=this.getUrlQueryParam("code"),s=this.getOauthErrorFromUrl();if(n)return this.loginWithApiKey(n).pipe((0,operators_1.mergeMap)((function(){return e.sessionSetup(t.loginEventContext)})));if(s)return(0,rxjs_1.throwError)((function(){return e.createSdkError(null,s)}));var a=o.authorizationCode||i;if(a){var u=void 0;try{u=this.getRedirectUrl(t)}catch(r){return(0,rxjs_1.throwError)((function(){return r}))}return this.exchangeCodeForToken(a,u).pipe((0,operators_1.tap)((function(){return e.clearAuthCallbackParamsFromUrl()})),(0,operators_1.mergeMap)((function(){return e.sessionSetup(t.loginEventContext)})))}return this.refreshWithCookie().pipe((0,operators_1.mergeMap)((function(){return e.sessionSetup(t.loginEventContext)})),(0,operators_1.catchError)((function(){return e.redirectToLoginPage(t)})))},e.prototype.refresh=function(){var r=this;return this.refreshWithCookie().pipe((0,operators_1.map)((function(e){return r.updateTokenFromResponse(e)})),(0,operators_1.catchError)((function(e){return r.handleRefreshError(e)})))},e.prototype.logout=function(r){return void 0!==(null==r?void 0:r.postLogoutRedirectUri)?this.logoutThroughBrowser(r.postLogoutRedirectUri):this.revokeSession()},e.prototype.logoutThroughBrowser=function(r){if("string"!=typeof r||!r.trim())return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,{postLogoutRedirectUri:r},"Missing postLogoutRedirectUri for browser logout.")}));if("undefined"==typeof window)return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,{postLogoutRedirectUri:r},"Cannot redirect to the logout page outside of a browser context.")}));var e;try{e=this.getPartiumApiBaseUrl()}catch(r){return(0,rxjs_1.throwError)((function(){return r}))}var t=new URL("".concat(e,"/auth/logout"));return t.searchParams.set("post_logout_redirect_uri",r),this.resetToken(),this.sessionEnded(),(0,rxjs_1.of)(void 0).pipe((0,operators_1.tap)((function(){return window.location.assign(t.toString())})))},e.prototype.revokeSession=function(){var r,e=this;try{r=this.getPartiumApiBaseUrl()}catch(r){return(0,rxjs_1.throwError)((function(){return r}))}return this.httpsClientService.post("".concat(r,"/auth/revoke"),{access_token:this.status.accessToken||null,refresh_token:null},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(){e.resetToken(),e.sessionEnded()})),(0,operators_1.catchError)((function(r){return e.resetToken(),e.sessionEnded(),e.handleError(r)})))},e.prototype.exchangeCodeForToken=function(r,e){var t,o=this;try{t=this.getPartiumApiBaseUrl()}catch(r){return(0,rxjs_1.throwError)((function(){return r}))}return this.httpsClientService.post("".concat(t,"/auth"),{grant_type:"authorization_code",code:r,redirect_uri:e},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(r){return o.updateTokenFromResponse(r)})),(0,operators_1.catchError)((function(r){return o.handleError(r)})))},e.prototype.loginWithApiKey=function(r){var e,t=this;try{e=this.getPartiumApiBaseUrl()}catch(r){return(0,rxjs_1.throwError)((function(){return r}))}return this.httpsClientService.post("".concat(e,"/auth"),{},void 0,{Authorization:"Bearer ".concat(r)},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(r){return t.updateTokenFromResponse(r)})),(0,operators_1.catchError)((function(r){return t.handleError(r)})))},e.prototype.refreshWithCookie=function(){var r;try{r=this.getPartiumApiBaseUrl()}catch(r){return(0,rxjs_1.throwError)((function(){return r}))}return this.httpsClientService.post("".concat(r,"/auth/refresh"),{refresh_token:null},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS)},e.prototype.redirectToLoginPage=function(r){if("undefined"==typeof window)return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Cannot redirect to OAuth login page outside of a browser context.")}));var e;try{e=this.getRedirectUrl(r)}catch(r){return(0,rxjs_1.throwError)((function(){return r}))}return(0,rxjs_1.from)(this.buildOauthAuthorizationUrl(e)).pipe((0,operators_1.tap)((function(r){window.location.href=r})),(0,operators_1.mergeMap)((function(){return rxjs_1.NEVER})))},e.prototype.buildOauthAuthorizationUrl=function(r){return __awaiter(this,void 0,void 0,(function(){var e,t,o,n,i,s,a;return __generator(this,(function(u){if(e=this.authenticationConfig,t=e.baseUrl,o=e.realm,n=e.clientId,!t||!o||!n)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,e,"OAuth auth configuration is incomplete. Required: baseUrl, realm, clientId.");return i="".concat(t,"/auth/realms/").concat(o,"/protocol/openid-connect/auth"),s=new URLSearchParams({client_id:n,redirect_uri:r,response_type:"code",response_mode:"query",scope:"openid"}),(a=this.getUrlQueryParam("kc_idp_hint"))&&s.set("kc_idp_hint",a),[2,"".concat(i,"?").concat(s.toString())]}))}))},e.prototype.getRedirectUrl=function(r){var e=r.redirectUrl||this.authenticationConfig.redirectUrl;if(!e)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,this.authenticationConfig,"Missing redirectUrl in OAuth authentication configuration.");return e},e.prototype.getPartiumApiBaseUrl=function(){var r=this.authenticationConfig.partiumApiBaseUrl;if(!r)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,this.authenticationConfig,"Missing partiumApiBaseUrl in OAuth authentication configuration.");return r},e.prototype.getUrlQueryParam=function(r){var e;return"undefined"!=typeof window&&(null===(e=window.location)||void 0===e?void 0:e.search)?new URLSearchParams(window.location.search).get(r):null},e.prototype.getOauthErrorFromUrl=function(){var r=this.getUrlQueryParam("error"),e=this.getUrlQueryParam("error_description");if(r||e)return[r,e].filter((function(r){return!!r})).join(" - ")},e.prototype.clearAuthCallbackParamsFromUrl=function(){if("undefined"!=typeof window){var r=new URL(window.location.href);r.searchParams.delete("code"),r.searchParams.delete("session_state"),r.searchParams.delete("iss"),r.searchParams.delete("error"),r.searchParams.delete("error_description");var e="".concat(r.pathname).concat(r.search).concat(r.hash);window.history.replaceState(window.history.state,"",e)}},e.prototype.updateTokenFromResponse=function(r){this.updateToken(r.token)},e.prototype.updateToken=function(r){if(r){var e=(0,user_token_1.createUserToken)(r),t=this.getNumericClaim(e.exp),o=this.getNumericClaim(e.iat),n=void 0!==t?new Date(1e3*t):new Date,i=void 0!==o?new Date(1e3*o):new Date,s=user_1.User.createFromToken(e),a=this.getStringArrayClaim(e.features);this.tokenUpdated(r,n),this.setUser(s),this.status={accessToken:r,accessTokenCreateDate:i,accessTokenExpiration:n,refreshToken:void 0,authenticated:!0,user:s,featureFlags:a},this.status$.next(this.status)}else this.resetToken()},e.prototype.resetToken=function(){this.tokenUpdated(null,null),this.setUser(null),this.status={accessToken:void 0,accessTokenExpiration:void 0,accessTokenCreateDate:void 0,authenticated:!1,refreshToken:void 0,user:void 0,featureFlags:void 0},this.status$.next(this.status)},e.prototype.handleRefreshError=function(r){return r instanceof error_1.SdkError&&this.isExpiredOrMissingRefreshError(r)?(this.resetToken(),this.sessionEnded(),(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.REFRESH_TOKEN_EXPIRED,r.detail,"Refresh token expired or missing.")}))):this.handleError(r)},e.prototype.isExpiredOrMissingRefreshError=function(r){return r.code===error_1.SDK_ERROR_CODES.USER_UNAUTHORIZED||r.code===error_1.SDK_ERROR_CODES.UNPROCESSABLE_ENTITY&&this.getRefreshValidationMessages(r.detail).includes(MISSING_REFRESH_TOKEN_ERROR_MESSAGE)},e.prototype.getRefreshValidationMessages=function(r){var e,t,o=this,n=this.asRefreshValidationErrorDetail(r);if(!n)return[];if("string"==typeof n.message)return[n.message];var i=null===(t=null===(e=n.response)||void 0===e?void 0:e.data)||void 0===t?void 0:t.detail;return"string"==typeof i?[i]:Array.isArray(i)?i.map((function(r){return o.getRefreshValidationMessage(r)})).filter((function(r){return void 0!==r})):[]},e.prototype.handleError=function(r){var e=this;return r instanceof error_1.SdkError?(0,rxjs_1.throwError)((function(){return r})):(0,rxjs_1.throwError)((function(){return e.createSdkError(r)}))},e.prototype.createSdkError=function(r,e){return new error_1.SdkError(error_1.SDK_ERROR_CODES.OAUTH_ERROR,r,e)},e.prototype.getNumericClaim=function(r){return"number"==typeof r?r:void 0},e.prototype.getStringArrayClaim=function(r){return Array.isArray(r)&&r.every((function(r){return"string"==typeof r}))?r:void 0},e.prototype.asRefreshValidationErrorDetail=function(r){return this.isObjectRecord(r)?r:void 0},e.prototype.getRefreshValidationMessage=function(r){if(this.isObjectRecord(r))return"string"==typeof r.msg?r.msg:void 0},e.prototype.isObjectRecord=function(r){return"object"==typeof r&&null!==r},e}(oauth_session_service_1.OauthSessionService);exports.JSOauthWebCookieSessionService=JSOauthWebCookieSessionService;
+"use strict";var __extends=this&&this.__extends||function(){var e=function(r,t){return e=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,r){e.__proto__=r}||function(e,r){for(var t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t])},e(r,t)};return function(r,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function o(){this.constructor=r}e(r,t),r.prototype=null===t?Object.create(t):(o.prototype=t.prototype,new o)}}(),__awaiter=this&&this.__awaiter||function(e,r,t,o){return new(t||(t=Promise))((function(n,i){function s(e){try{u(o.next(e))}catch(e){i(e)}}function a(e){try{u(o.throw(e))}catch(e){i(e)}}function u(e){var r;e.done?n(e.value):(r=e.value,r instanceof t?r:new t((function(e){e(r)}))).then(s,a)}u((o=o.apply(e,r||[])).next())}))},__generator=this&&this.__generator||function(e,r){var t,o,n,i,s={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function a(a){return function(u){return function(a){if(t)throw new TypeError("Generator is already executing.");for(;i&&(i=0,a[0]&&(s=0)),s;)try{if(t=1,o&&(n=2&a[0]?o.return:a[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,a[1])).done)return n;switch(o=0,n&&(a=[2&a[0],n.value]),a[0]){case 0:case 1:n=a;break;case 4:return s.label++,{value:a[1],done:!1};case 5:s.label++,o=a[1],a=[0];continue;case 7:a=s.ops.pop(),s.trys.pop();continue;default:if(!(n=s.trys,(n=n.length>0&&n[n.length-1])||6!==a[0]&&2!==a[0])){s=0;continue}if(3===a[0]&&(!n||a[1]>n[0]&&a[1]<n[3])){s.label=a[1];break}if(6===a[0]&&s.label<n[1]){s.label=n[1],n=a;break}if(n&&s.label<n[2]){s.label=n[2],s.ops.push(a);break}n[2]&&s.ops.pop(),s.trys.pop();continue}a=r.call(e,s)}catch(e){a=[6,e],o=0}finally{t=n=0}if(5&a[0])throw a[1];return{value:a[0]?a[1]:void 0,done:!0}}([a,u])}}};Object.defineProperty(exports,"__esModule",{value:!0}),exports.JSOauthWebCookieSessionService=exports.JSOauthWebCookieLoginConfig=exports.JSOauthWebCookieAuthenticationConfig=exports.JSOauthWebCookieStatus=void 0;var rxjs_1=require("rxjs"),operators_1=require("rxjs/operators"),auth_config_1=require("../../models/auth-config"),error_1=require("../../models/error"),user_token_1=require("../../models/user-token"),user_1=require("../../models/user"),https_client_service_interface_1=require("../../services/http/https-client/https-client.service.interface"),oauth_session_service_1=require("../../services/session/oauth-session.service"),COOKIE_REQUEST_OPTIONS={withCredentials:!0},MISSING_REFRESH_TOKEN_ERROR_MESSAGE="Refresh token not provided in cookie or request body.",PKCE_CODE_VERIFIER_STORAGE_KEY="partium.oauth.web_cookie.pkce_code_verifier",COOKIE_SESSION_STORAGE_KEY="partium.oauth.web_cookie.has_active_session",COOKIE_SESSION_STORAGE_VALUE="true",PKCE_CODE_CHALLENGE_METHOD="S256",JSOauthWebCookieStatus=function(e){function r(){return null!==e&&e.apply(this,arguments)||this}return __extends(r,e),r}(oauth_session_service_1.OauthStatus);exports.JSOauthWebCookieStatus=JSOauthWebCookieStatus;var JSOauthWebCookieAuthenticationConfig=function(e){function r(r){var t=e.call(this,r)||this;return t.partiumApiBaseUrl="https://api.partium.io",t.oauthSessionService=JSOauthWebCookieSessionService,Object.assign(t,r),t}return __extends(r,e),r}(auth_config_1.OauthAuthenticationConfig);exports.JSOauthWebCookieAuthenticationConfig=JSOauthWebCookieAuthenticationConfig;var JSOauthWebCookieLoginConfig=function(e){function r(r){var t=e.call(this)||this;return Object.assign(t,r),t}return __extends(r,e),r}(oauth_session_service_1.OauthLoginConfig);exports.JSOauthWebCookieLoginConfig=JSOauthWebCookieLoginConfig;var JSOauthWebCookieSessionService=function(e){function r(r){var t=e.call(this,r)||this;return t.status={accessToken:void 0,accessTokenExpiration:void 0,accessTokenCreateDate:void 0,authenticated:!1,refreshToken:void 0,user:void 0,featureFlags:void 0},t.status$=new rxjs_1.BehaviorSubject(t.status),t}return __extends(r,e),r.prototype.onCreate=function(){e.prototype.onCreate.call(this),this.httpsClientService=this.serviceProvider.getService(https_client_service_interface_1.HttpsClientService)},r.prototype.getStatus=function(){return this.status$.asObservable()},r.prototype.login=function(e){var r=this,t=e,o=this.authenticationConfig,n=t.apiKey||o.apiKey,i=this.getUrlQueryParam("code"),s=this.getOauthErrorFromUrl();if(n)return this.loginWithApiKey(n).pipe((0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})));if(s)return this.clearPkceCodeVerifier(),(0,rxjs_1.throwError)((function(){return r.createSdkError(null,s)}));var a=o.authorizationCode||i;if(a){var u=void 0;try{u=this.getRedirectUrl(t)}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.exchangeCodeForToken(a,u).pipe((0,operators_1.tap)((function(){return r.clearAuthCallbackParamsFromUrl()})),(0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})))}return this.refreshWithCookie().pipe((0,operators_1.map)((function(e){return r.updateTokenFromResponse(e)})),(0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})),(0,operators_1.catchError)((function(){return r.redirectToLoginPage(t)})))},r.prototype.refresh=function(){var e=this;return this.refreshWithCookie().pipe((0,operators_1.map)((function(r){return e.updateTokenFromResponse(r)})),(0,operators_1.catchError)((function(r){return e.handleRefreshError(r)})))},r.prototype.logout=function(e){return void 0!==(null==e?void 0:e.postLogoutRedirectUri)?this.logoutThroughBrowser(e.postLogoutRedirectUri):this.revokeSession()},r.prototype.logoutThroughBrowser=function(e){if("string"!=typeof e||!e.trim())return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,{postLogoutRedirectUri:e},"Missing postLogoutRedirectUri for browser logout.")}));if("undefined"==typeof window)return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,{postLogoutRedirectUri:e},"Cannot redirect to the logout page outside of a browser context.")}));var r;try{r=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}var t=new URL("".concat(r,"/auth/logout"));return t.searchParams.set("post_logout_redirect_uri",e),this.resetToken(),this.sessionEnded(),(0,rxjs_1.of)(void 0).pipe((0,operators_1.tap)((function(){return window.location.assign(t.toString())})))},r.prototype.revokeSession=function(){var e,r=this;if(!this.hasSessionToRevoke())return this.resetToken(),this.sessionEnded(),(0,rxjs_1.of)(void 0);try{e=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(e,"/auth/revoke"),{access_token:this.status.accessToken||null,refresh_token:null},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(){r.resetToken(),r.sessionEnded()})),(0,operators_1.catchError)((function(e){return r.resetToken(),r.sessionEnded(),r.handleError(e)})))},r.prototype.exchangeCodeForToken=function(e,r){var t,o,n=this;try{t=this.getPartiumApiBaseUrl(),o=this.getPkceCodeVerifier()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(t,"/auth"),{grant_type:"authorization_code",code:e,redirect_uri:r,code_verifier:o},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(e){n.clearPkceCodeVerifier(),n.updateTokenFromResponse(e)})),(0,operators_1.catchError)((function(e){return n.handleError(e)})))},r.prototype.loginWithApiKey=function(e){var r,t=this;try{r=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(r,"/auth"),{},void 0,{Authorization:"Bearer ".concat(e)},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(e){return t.updateTokenFromResponse(e)})),(0,operators_1.catchError)((function(e){return t.handleError(e)})))},r.prototype.refreshWithCookie=function(){var e;try{e=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(e,"/auth/refresh"),{refresh_token:null},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS)},r.prototype.redirectToLoginPage=function(e){if("undefined"==typeof window)return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Cannot redirect to OAuth login page outside of a browser context.")}));var r;try{r=this.getRedirectUrl(e)}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return(0,rxjs_1.from)(this.buildOauthAuthorizationUrl(r)).pipe((0,operators_1.tap)((function(e){window.location.href=e})),(0,operators_1.mergeMap)((function(){return rxjs_1.NEVER})))},r.prototype.buildOauthAuthorizationUrl=function(e){return __awaiter(this,void 0,void 0,(function(){var r,t,o,n,i,s,a,u,c;return __generator(this,(function(h){switch(h.label){case 0:if(r=this.authenticationConfig,t=r.baseUrl,o=r.realm,n=r.clientId,!t||!o||!n)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,r,"OAuth auth configuration is incomplete. Required: baseUrl, realm, clientId.");return i="".concat(t,"/auth/realms/").concat(o,"/protocol/openid-connect/auth"),s=new URLSearchParams({client_id:n,redirect_uri:e,response_type:"code",response_mode:"query",scope:"openid"}),a=this.createPkceCodeVerifier(),[4,this.createPkceCodeChallenge(a)];case 1:return u=h.sent(),this.storePkceCodeVerifier(a),s.set("code_challenge",u),s.set("code_challenge_method",PKCE_CODE_CHALLENGE_METHOD),(c=this.getUrlQueryParam("kc_idp_hint"))&&s.set("kc_idp_hint",c),[2,"".concat(i,"?").concat(s.toString())]}}))}))},r.prototype.getRedirectUrl=function(e){var r=e.redirectUrl||this.authenticationConfig.redirectUrl;if(!r)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,this.authenticationConfig,"Missing redirectUrl in OAuth authentication configuration.");return r},r.prototype.getPartiumApiBaseUrl=function(){var e=this.authenticationConfig.partiumApiBaseUrl;if(!e)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,this.authenticationConfig,"Missing partiumApiBaseUrl in OAuth authentication configuration.");return e},r.prototype.getUrlQueryParam=function(e){var r;return"undefined"!=typeof window&&(null===(r=window.location)||void 0===r?void 0:r.search)?new URLSearchParams(window.location.search).get(e):null},r.prototype.getOauthErrorFromUrl=function(){var e=this.getUrlQueryParam("error"),r=this.getUrlQueryParam("error_description");if(e||r)return[e,r].filter((function(e){return!!e})).join(" - ")},r.prototype.clearAuthCallbackParamsFromUrl=function(){if("undefined"!=typeof window){var e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("session_state"),e.searchParams.delete("iss"),e.searchParams.delete("error"),e.searchParams.delete("error_description");var r="".concat(e.pathname).concat(e.search).concat(e.hash);window.history.replaceState(window.history.state,"",r)}},r.prototype.updateTokenFromResponse=function(e){this.updateToken(e.token),e.token&&this.markActiveCookieSession()},r.prototype.updateToken=function(e){if(e){var r=(0,user_token_1.createUserToken)(e),t=this.getNumericClaim(r.exp),o=this.getNumericClaim(r.iat),n=void 0!==t?new Date(1e3*t):new Date,i=void 0!==o?new Date(1e3*o):new Date,s=user_1.User.createFromToken(r),a=this.getStringArrayClaim(r.features);this.tokenUpdated(e,n),this.setUser(s),this.status={accessToken:e,accessTokenCreateDate:i,accessTokenExpiration:n,refreshToken:void 0,authenticated:!0,user:s,featureFlags:a},this.status$.next(this.status)}else this.resetToken()},r.prototype.resetToken=function(){this.tokenUpdated(null,null),this.setUser(null),this.clearActiveCookieSession(),this.status={accessToken:void 0,accessTokenExpiration:void 0,accessTokenCreateDate:void 0,authenticated:!1,refreshToken:void 0,user:void 0,featureFlags:void 0},this.status$.next(this.status)},r.prototype.handleRefreshError=function(e){return e instanceof error_1.SdkError&&this.isExpiredOrMissingRefreshError(e)?(this.resetToken(),this.sessionEnded(),(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.REFRESH_TOKEN_EXPIRED,e.detail,"Refresh token expired or missing.")}))):this.handleError(e)},r.prototype.isExpiredOrMissingRefreshError=function(e){return e.code===error_1.SDK_ERROR_CODES.USER_UNAUTHORIZED||e.code===error_1.SDK_ERROR_CODES.UNPROCESSABLE_ENTITY&&this.getRefreshValidationMessages(e.detail).includes(MISSING_REFRESH_TOKEN_ERROR_MESSAGE)},r.prototype.getRefreshValidationMessages=function(e){var r,t,o=this,n=this.asRefreshValidationErrorDetail(e);if(!n)return[];if("string"==typeof n.message)return[n.message];var i=null===(t=null===(r=n.response)||void 0===r?void 0:r.data)||void 0===t?void 0:t.detail;return"string"==typeof i?[i]:Array.isArray(i)?i.map((function(e){return o.getRefreshValidationMessage(e)})).filter((function(e){return void 0!==e})):[]},r.prototype.handleError=function(e){var r=this;return e instanceof error_1.SdkError?(0,rxjs_1.throwError)((function(){return e})):(0,rxjs_1.throwError)((function(){return r.createSdkError(e)}))},r.prototype.createSdkError=function(e,r){return new error_1.SdkError(error_1.SDK_ERROR_CODES.OAUTH_ERROR,e,r)},r.prototype.hasSessionToRevoke=function(){return Boolean(this.status.accessToken)||this.hasActiveCookieSession()},r.prototype.createPkceCodeVerifier=function(){var e=new Uint8Array(32);return this.getBrowserCrypto().getRandomValues(e),this.base64UrlEncode(e)},r.prototype.createPkceCodeChallenge=function(e){return __awaiter(this,void 0,void 0,(function(){var r,t;return __generator(this,(function(o){switch(o.label){case 0:if("undefined"==typeof TextEncoder)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"TextEncoder is required for PKCE OAuth login.");return r=(new TextEncoder).encode(e),[4,this.getBrowserCrypto().subtle.digest("SHA-256",r)];case 1:return t=o.sent(),[2,this.base64UrlEncode(new Uint8Array(t))]}}))}))},r.prototype.getBrowserCrypto=function(){var e;if("function"!=typeof(null===(e=globalThis.crypto)||void 0===e?void 0:e.getRandomValues)||!globalThis.crypto.subtle)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Web Crypto API is required for PKCE OAuth login.");return globalThis.crypto},r.prototype.storePkceCodeVerifier=function(e){this.getBrowserSessionStorage().setItem(PKCE_CODE_VERIFIER_STORAGE_KEY,e)},r.prototype.getPkceCodeVerifier=function(){var e=this.getBrowserSessionStorage().getItem(PKCE_CODE_VERIFIER_STORAGE_KEY);if(!e)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Missing PKCE code verifier for OAuth callback.");return e},r.prototype.clearPkceCodeVerifier=function(){"undefined"!=typeof window&&window.sessionStorage.removeItem(PKCE_CODE_VERIFIER_STORAGE_KEY)},r.prototype.markActiveCookieSession=function(){this.getBrowserSessionStorage().setItem(COOKIE_SESSION_STORAGE_KEY,COOKIE_SESSION_STORAGE_VALUE)},r.prototype.hasActiveCookieSession=function(){return"undefined"!=typeof window&&window.sessionStorage.getItem(COOKIE_SESSION_STORAGE_KEY)===COOKIE_SESSION_STORAGE_VALUE},r.prototype.clearActiveCookieSession=function(){"undefined"!=typeof window&&window.sessionStorage.removeItem(COOKIE_SESSION_STORAGE_KEY)},r.prototype.getBrowserSessionStorage=function(){if("undefined"==typeof window)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Browser sessionStorage is required for the web-cookie OAuth flow.");return window.sessionStorage},r.prototype.base64UrlEncode=function(e){var r=Array.from(e,(function(e){return String.fromCharCode(e)})).join("");return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")},r.prototype.getNumericClaim=function(e){return"number"==typeof e?e:void 0},r.prototype.getStringArrayClaim=function(e){return Array.isArray(e)&&e.every((function(e){return"string"==typeof e}))?e:void 0},r.prototype.asRefreshValidationErrorDetail=function(e){return this.isObjectRecord(e)?e:void 0},r.prototype.getRefreshValidationMessage=function(e){if(this.isObjectRecord(e))return"string"==typeof e.msg?e.msg:void 0},r.prototype.isObjectRecord=function(e){return"object"==typeof e&&null!==e},r}(oauth_session_service_1.OauthSessionService);exports.JSOauthWebCookieSessionService=JSOauthWebCookieSessionService;

package/gen/sdk-version.d.ts

@@ -1,2 +1,2 @@
 // Copyright © 2022-2026 Partium, Inc. DBA Partium
-export declare const SDK_VERSION_NUMBER = "15.14.0";
+export declare const SDK_VERSION_NUMBER = "15.15.0";

package/gen/sdk-version.js

@@ -1,2 +1,2 @@
 // Copyright © 2022-2026 Partium, Inc. DBA Partium
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.SDK_VERSION_NUMBER=void 0,exports.SDK_VERSION_NUMBER="15.14.0";
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.SDK_VERSION_NUMBER=void 0,exports.SDK_VERSION_NUMBER="15.15.0";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@partium/js-sdk",
-  "version": "15.14.0",
+  "version": "15.15.0",
   "author": "Partium Inc.",
   "license": "See LICENSE.txt",
   "description": "The Partium Find SDK enables integration of Partium’s parts and materials search capabilities into JavaScript-based applications.",